Due to a newly discovered Windows Flaw, vBulletin is liable to cross site scripting attacks.  They have released a new update to the current 3.6 code stream, and patches for the previous code streams as well.  Go here to find out more (if you have an earlier version, click the patches link).